Legal

Privacy Policy

The CISTECH platform undertakes to protect the rights and legitimate interests of all platform users, including Buyers, Sellers, and Logistics Operators, and to implement reasonable and appropriate measures to ensure the confidentiality and security of the data provided by them.

Article 1. General Provisions

1.1. The CISTECH platform undertakes to protect the rights and legitimate interests of all platform users, including Buyers, Sellers, and Logistics Operators, and to implement reasonable and appropriate measures to ensure the confidentiality and security of the data provided by them. 1.2. This section has been developed in accordance with the applicable laws of the jurisdictions in which the Platform operates, as well as international regulations on personal data protection, including but not limited to: - the General Data Protection Regulation (GDPR), - the Law of the Republic of Kazakhstan “On Personal Data and Their Protection”, - Federal Law of the Russian Federation No. 152-FZ “On Personal Data”, - the Personal Information Protection Law of the People’s Republic of China (PIPL).

Article 2. Personal Data

2.1. Personal data refers to any information relating to an identified or identifiable user of the Platform, including but not limited to: full name, phone number, email address, company details, and other information provided by the user during registration and/or use of the Platform. 2.2. The CISTECH Platform collects and processes personal data solely for the following purposes: - user registration and identification; - fulfillment of orders and contractual obligations; - payment processing and accounting or tax compliance, where applicable; - service improvement, analytics, and internal statistical analysis. 2.3. Personal data is processed on lawful grounds, including the user’s consent provided during registration on the Platform and/or through the use of its functionalities, as well as on other legal grounds permitted by applicable law.

Article 3. Data Confidentiality and Security

3.1. The CISTECH Platform implements reasonable and technically appropriate measures to protect users’ personal data, including the use of encryption technologies, secure data transmission channels, and other generally accepted information security practices. 3.2. Access to personal data is granted solely to authorized employees of CISTECH and strictly limited to the extent necessary for the performance of their official duties. 3.3. The Platform does not disclose or transfer personal data to third parties without lawful grounds, including user consent, except where such disclosure is required under applicable law or pursuant to a lawful request from authorized governmental authorities. 3.4. In the event of a personal data security incident, CISTECH takes appropriate remedial measures and notifies affected users and competent authorities in accordance with the timelines and procedures prescribed by applicable law.

Article 4. User Rights

Users have the right to: 4.1. Request access to their personal data, including information about the methods and purposes of data processing on the CISTECH Platform. 4.2. Request the correction, update, modification, or deletion of their personal data in accordance with applicable laws and regulations. 4.3. Withdraw their consent to the processing of personal data at any time. Withdrawal of consent may result in restricted access to the Platform’s functionality or deletion of the user account, except for data that must be retained in accordance with applicable legal requirements. 4.4. Submit inquiries, requests, or complaints regarding personal data protection to CISTECH customer support or the designated Data Protection Office (DPO).

Article 5. Liability of the Parties

5.1. CISTECH is responsible for the processing and protection of users’ personal data and undertakes to implement reasonable and technically appropriate measures to prevent data loss, unauthorized access, alteration, or unlawful disclosure. 5.2. Users are responsible for the accuracy of the information they provide and for maintaining the confidentiality of their account credentials, including login details, passwords, and other authentication methods. 5.3. CISTECH shall not be liable for any losses resulting from unauthorized access to a user account where such access occurred due to the user’s actions or failure to comply with security requirements, except in cases where such losses were caused by the fault of the Platform.

Article 6. Data Retention and Deletion

6.1. Users' personal data is stored for the duration of the user account and, after its termination, for the period necessary to fulfill CISTECH's obligations under applicable laws and regulations, including accounting, tax, and financial reporting requirements (typically retained for 5 years). 6.2. Users have the right to request the deletion of their personal data. CISTECH processes such requests within a reasonable timeframe, and no later than 30 calendar days from the date of receipt, except for data that must be retained in accordance with applicable legal requirements. 6.3. How to Request Account Deletion: - Via Mobile App: Go to Profile > Settings > Delete Account. - Via Web Platform: Go to Profile > Delete Account. 6.4. Data Deleted or Anonymized Upon Request: When you request account deletion, we will permanently delete or anonymize all user-related data that is not required to be retained by law. This includes: - Profile information (name, email, phone number) - User-generated content (UGC), short videos, and comments - Product reviews and ratings Please note: chat histories and messages are handled differently in order to preserve the integrity of conversations for other participants. When your account is deleted: - Your identifying information is removed from chats (for example, your name and profile are detached or anonymized). - The content of messages you sent may be retained and remain visible to other participants in the conversation, where permitted by law and where necessary for service integrity, fraud prevention, or dispute resolution. 6.5. Data Retained After Deletion: For legal, tax, and accounting compliance, we are required to retain the following data even after account deletion (typically for a period of up to 5 years): - Order history and financial transaction records - Vendor invoices and tax documents

Article 7. Governing Law and Dispute Resolution

7.1. These terms, as well as matters related to user rights protection and the processing of personal data, shall be governed by the laws of the country in which the legal entity CISTECH is registered, unless otherwise required by mandatory provisions of applicable law. 7.2. Any disputes arising between the user and CISTECH shall, where possible, be resolved through negotiations and pre-trial settlement. 7.3. If an amicable resolution cannot be reached, the dispute shall be submitted to a competent court or arbitration body at the place of registration of CISTECH, unless otherwise provided by applicable consumer protection laws.